North Korean hackers target job seekers with fake interviews
Research has revealed that North Korean cybercriminals tricked unsuspecting “candidates” into downloading fake Windows video conferencing applications that imitated FreeConference.com. The campaign was dubbed “Contagious Interview” after analysts discovered it.
The campaign, discovered by cybersecurity firm ‘Group-IB’, is believed to have been carried out by known threat actor ‘Lazarus’, who has been observed perform similar operations in the past.
The attacks began via a job board, such as LinkedIn or Upwork. The attackers contacted the intended target to discuss a job opening and invited them to continue the conversation via Telegram. From there, the victim was asked to download a video conferencing app, FreeConference or Node.js, for a trial of technical tasks.
Extensive diagrams
Of course, these installers were fake and the victim unknowingly downloaded malware called BeaverTail, which delivered a backdoor called InvisibleFerreft, equipped with keylogging, remote control, and browser stealing capabilities. The FBI recently a statement released warning of North Korean hacker efforts,
“North Korean social engineering schemes are complex and elaborate, often compromising victims with advanced technical knowledge. Given the scale and persistence of this malicious activity, even those well-versed in cybersecurity practices may be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.”
The Lazarus Group is notorious and has reportedly been active since 2010. During that time, it has attacked a range of targets including governments, healthcare, finance, and defense infrastructure.
As always, we recommend only downloading apps from official sources and verifying the identity of everyone you speak to online. We’ve rounded up our picks for the best malware removal software to keep your data safe.
Via The Hacker News